Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Scripting"

Baselining

A good way to automate a lot of fixes without coding is baselining. There are multiple ways to do it, but the easiest way is to create secure configuration files before a competition, and copy those in during a competition.

• Some configuration files that will be worth configuring securely before a competition are:
  • /etc/ssh/sshd_config (config file for ssh, a remote-terminal program used on almost all linux servers)
  • /etc/pam.d/common-password (config file for password stuff)
  • /etc/login.defs (another password config file)
  • /etc/sysctl.conf (config file with a ton of random system-level configurations)

• These configuration files are fine as the default, but you have to make sure that they haven't been tampered with
  • /etc/sudoers (config file for sudo, the system that lets administrators run commands as root)
  • /etc/apt/sources.list (config file that specifies which URLs to pull packages from)

The default version of these configuration files can be found from a default installation of Ubuntu22 (or Linux Mint)

How to get the default version of the configuration files

• You can get the configuration files from a fresh installation of Ubuntu or Linux Mint This page explains how to make a virtual machine

How to configure a configuration file securely

• This wiki page has password-related configurations
• You can find guides on hardening these configuration files online, or even by asking ChatGPT "What modifications should I make to the file "/etc/login.defs" to make it more secure?"
• Here are some guides for hardening some of these configurations:
  • https://www.blumira.com/blog/secure-ssh-on-linux (/etc/ssh/sshd_config)
  • https://www.baeldung.com/linux/password-complexity (/etc/pam.d/common-password and /etc/login.defs)
  • https://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening (/etc/sysctl.conf) note: this website contains a ton of modifications, which will get you points but you should try to understand what they're doing
• You can also find configurations to make by looking at the answer keys of practice images, which will include some modifications that you can make.

How to copy the configuration files to the practice image

• First you have to get the files into the practice image. If you're using vmware you may be able to drag the file right into the image. But if that doesn't work you can use google drive or email to yourself.
• Next you have to backup the original file. You can use this command for that:
  • cp <path/to/original/file> <backup/location>
• Finally you have to copy your pre-configured file to its location:
  • cp <path/to/configured/file> <path/to/location>
• For Example, if you have a folder named "backups" for your backups and a folder named "custom-configs" with your pre-configured files:
  • cp /etc/ssh/sshd_config ./backups/sshd_config
  • cp ./custom-configs/sshd_config /etc/ssh/sshd_config

Useful one liners

These are useful commands or chains of commands to remember or write down for CyberPatriot (Feel free to add to this)

grep "sh$" /etc/passwd

• Lists all of the users on the system, plus the root user. It includes extra information, but the usernames are before the first colon.

find /home -name "*\.mp[34]" -o -name "*\.mov" -o -name "*\.webm"

• Finds all files which end in ".mp3", ".mp4", ".mov", or ".webm", which are usually not allowed to be in user's directories.

sudo rm /directory/of/files/to/delete/*

• This deletes all of the files within a certain directory (make sure to include the asterisk at the end). For example sudo rm /home/jim/Music/*